generic mapping inherit

diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c
index 2be59289347a7bf126bb00c4371bfef187729891..1fff623422aa945582dbe9135c164819f620bd64 100644 (file)
--- a/libcli/security/access_check.c
+++ b/libcli/security/access_check.c
@@ -73,6 +73,9 @@ void security_acl_map_generic(struct security_acl *sa,
        }
 
        for (i = 0; i < sa->num_aces; i++) {
+               if (sa->aces[i].flags & SEC_ACE_FLAG_INHERIT_ONLY) {
+                       continue;
+               }
                se_map_generic(&sa->aces[i].access_mask, mapping);
        }
 }

diff --git a/libcli/security/secdesc.c b/libcli/security/secdesc.c
index 6e20e90bee52b8fb6135fdf1e13debebf3adecae..8a7060cee18187bb6f64cb5a9c97854d4fee326d 100644 (file)
--- a/libcli/security/secdesc.c
+++ b/libcli/security/secdesc.c
@@ -521,6 +521,11 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
                        }
                }
 
+               if (ace->flags & SEC_ACE_FLAG_INHERIT_ONLY) {
+                       creator = &ace->trustee;
+                       ptrustee = &ace->trustee;
+               }
+
                /* The CREATOR sids are special when inherited */
                if (dom_sid_equal(ptrustee, &global_sid_Creator_Owner)) {
                        creator = &global_sid_Creator_Owner;
@@ -622,6 +627,8 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
                }
        }
 
+       security_acl_map_generic(new_dacl, &file_generic_mapping);
+
        *ppsd = make_sec_desc(ctx,
                        SECURITY_DESCRIPTOR_REVISION_1,
                        SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT|